@geoffwhere Don't give up yet! As I said before it can be a steep learning curve.
You have unknowingly hit another possible ptifall in the way you decided to assign "/mnt/Primary_Data/Geoff" as the path of the "geoff" user's "Home Directory" when creating that account in FreeNAS. Not only is this unnecessary in your case, but causes ACL complications. It explains why the ACL on that dataset as shown in #29 (correct) changed to that in #33 (wrong). What happened was after first setting the correct ACL via the ACL editor any subsequent change to the "geoff" account where that same dataset is used as the account's "Home Directory" resets the ACL to effectively that of a GENERIC share type and undoes the ACL editor setting. So this really is causing you problems on the FreeNAS side.
You should set the "geofff" account "Home Directory" to its default of "/nonexistent"
Anyway, let's get over the hurdles. How about test driving this instruction set?
IN FREENAS
1. Create a new test user, filling in the following:
full name:
username:
password:
Keep the default of new primary group selected
Keep the default directory as "/nonexistent" and the default home directory permissions
Keep "disable password" as "no"
Set the shell to "nologin"
Do not select "Microsoft Account"
then SAVE
Make a note of the username and password used for later.
2. Create a new dataset, eg Primary_data/testset
Set the "Share Type" to "SMB"
Leave other setting as is, except you can turn set "Enable Atime" to "off"
then SAVE
3. Edit the ACL of the new dataset
Leave the owner/group as root/wheel
Click on "ADD ACL ITEM"
Set "who" to "User"
Select the name of your new test user from the dropdown list
Select "Permissions" to "Full Control"
then SAVE
(As this new dataset is empty there's no point in applying permission recursively)
4. Add a new windows share
Navigate to the name of the new dataset and select this as the share path.
(The dataset will be displayed with (ACL) appended to its name)
The share name will default to the new dataset name
Leave other settings as is
then SAVE
IN WINDOWS
5. Log into Windows with your usual name/password (not the name of new test user added in FreeNAS).
6. Check for old & now invalid credentials saved in the windows Credentials Manager. Remove any FreeNAS Credentials.
7. Disconnect from any existing FreeNAS drive mappings.
8. Log off Windows and then log in as per step 5 and check there are no FreeNAS credentials in the credential manager and no drive mappings appear in file explorer.
9. Use File explorer to map the new dataset to a windows drive letter.
On the Map Network Drive dialogue
select a drive letter of your choice
set Folder to share path in the format \\FREENAS\<sharename> (share name will be the new dataset name)
click to select both "Reconnect at sign-on" and "Connect using different credentials"
click Finish and you should be prompted to "Enter Network Credentials"
On the Enter Network Credentials dialogue enter the name and password of the new test user added to FreeNAS
and importantly click on the "remember my credentials" tickbox then click on OK.
If a second prompt appears asking to enter the password again for this user, do the same and select "remember my credentials"then click on OK.
You should now have access to your FreeNAS windows share. The mapped drive should be available after a Windows restart, or if you log off Windows and then log in again.